CVE-2026-7253
MEDIUMIBM Watson Speech Services Cartridge - Authenticated Server-Side Request Forgery
Title source: manualDescription
IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.
References (1)
Core 1
Core References
Scores
CVSS v3
5.3
EPSS
0.0020
EPSS Percentile
10.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (3)
IBM/IBM Watson Speech Services Cartridge
4.0.0 - 5.3.1
ibm/watson_speech_services_cartridge
5.3.1
ibm/watson_speech_services_cartridge
4.0.0 - 5.3.1
Published
Jun 22, 2026
Tracked Since
Jun 22, 2026